MacRumors

macrumors bot
Original poster


The Google Authenticator app used to store one-time access codes for account security now supports backups and syncing across devices using a Google Account, Google announced today.

With Google Account support, one-time passwords can be saved in the cloud, so if you lose the device with your Google Authenticator app installed, you won't lose access to all of your authentication codes. Prior to the integration of Google Account support, all codes in the Google Authenticator app were stored on device, which is problematic when a device is lost.

Google says with one-time passwords available in a Google Account, users are "better protected from lockout," increasing convenience and security. Google Account integration for Google Authenticator is available on both iOS and Android devices. Adding Google Account support will require signing into the account in the Google Authenticator app, and once that is done, codes will be automatically backed up and restored on any new device where you sign in to your Google Account.

The latest version of the app is required, and on iPhone and iPad, it can be downloaded from the App Store for free.

Article Link: Google Authenticator Now Supports Backing Up 2FA Codes Using Google Account
 
I think the desirability of this new feature depends on how you use Google Authenticator. If you use GA 2FA codes for anything sensitive or confidential, such as banking (risk: losing control over a checking account or credit card) or mobile phone carrier accounts (risk: becoming the victim of a SIM swapping attack), it's probably better to copy the codes over to another device manually. That way you maintain complete control over critical information and avoid any exposure to the cloud.

But for logins that aren't for anything that needs to be kept private or secure, syncing via your Google account probably is OK in most circumstances.

In any case, I hope passkeys become widely adopted soon. Then all the time and effort we spend dealing with passwords and 2FA can be used on something more fun or more productive.
 
Do you guys honestly think Google employees will be using your 2FA keys to log in to your accounts?

No.

What does concern me is what other information they are able to skim off my device simply because I have their app installed (location, clipboard contents, etc.) that adds to their already voluminous collection. Simple as that.


Example: WTF does Google need my contacts for in order for the authenticator app to work? Why are they collecting Search History? Location?!!?! F Google!
 
I switched from Google Authenticator to Authy years ago to get cloud sync. I don't see the point in moving back to Google, though.

I used Authy, but eventually moved back to Authenticator, and when it came time to move to a new iPhone, Authenticator was a breeze! Previously, I had to log into each service, disable 2FA, and then re-enable it with the new device. A real pain. But I'm also worried that Google made some compromises to allow the transfer of codes between devices, as I originally understood the codes being generated are tied to the hardware profile.
 
I switched from Google Authenticator to Authy years ago to get cloud sync. I don't see the point in moving back to Google, though.
I actually moved to Authy myself for this exact same reason. I was actually sick of having to go through trying to access my accounts again because Google Auth didn't have the cloud sync (if I moved or reset my phone). I also feel like I have a wider range of access to my security codes as I'm able to access them from a computer.

When I used Google Authenticator previously, I don't think I could also use security features that Authy provides on Google Auth (such as Face ID), although it has been some time since I last used Google Authenticator.
 
Do you guys honestly think Google employees will be using your 2FA keys to log in to your accounts?
No, and whilst I'm sure the keys are encrypted on-device and on Google's servers, I question the security whilst in transit between the two. They wouldn't be the first 2FA service to make a buggers-muddle of that.
 
I've avoided Google Authenticator ever since I set it up to authenticate an important work account and one day it just stopped authenticating. I won't say I'm a Duo fan, but at least that actually works reliably.
 
I think the desirability of this new feature depends on how you use Google Authenticator. If you use GA 2FA codes for anything sensitive or confidential, such as banking (risk: losing control over a checking account or credit card) or mobile phone carrier accounts (risk: becoming the victim of a SIM swapping attack), it's probably better to copy the codes over to another device manually. That way you maintain complete control over critical information and avoid any exposure to the cloud.

But for logins that aren't for anything that needs to be kept private or secure, syncing via your Google account probably is OK in most circumstances.

In any case, I hope passkeys become widely adopted soon. Then all the time and effort we spend dealing with passwords and 2FA can be used on something more fun or more productive.
I use the Authenticator feature in Apple's Keychain. It syncs between iOS/iPadOS and macOS and I keep the verification codes in the Notes/Comments field. iOS backup acts as insurance. And (for now) I trust Apple more than Google (Authenticator) or Microsoft (Authenticator). I did consider Bitwarden, but why bother when Keychain is ubiquitous?
 